Summary Google says ShinyHunters exploited a zero-day flaw in Oracle PeopleSoft, targeting organizations in an extortion campaign affecting over 100 entities before a patch was issued.
(Reuters) - Alphabet's (GOOGL.O) cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an active compromise and extortion campaign targeting Oracle's (ORCL.N) PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.
The campaign took place between May 27 and June 9, Google said in a blog.
PeopleSoft is an enterprise resource planning suite used by organizations to manage core business functions including human resources, finance and supply-chain operations.
After becoming aware of active scanning and exploitation, Google said it notified more than 100 organizations whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., and 68% were in the higher education sector.
Researchers found that the attackers hosted customized MeshCentral agents disguised as legitimate cloud endpoints, which were used to run administrative command queries.
As the activity occurred before Oracle issued a security advisory on June 10, the hackers were able to exploit the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.
ShinyHunters is a hacking group with a history of targeting global companies for extortion. Last month, the group struck a deal with Instructure, the parent company of education tool Canvas, to secure stolen student and school data.
